SCEA 5 (Part II) � Authentication and Authorization

The SCEA 5 assignment never specifically mentions authentication and authorization in the requirements for the application that needs to be designed. Is it fair to assume that they are out of scope, and mention this in the �Design Assumptions� section of the write-up?

Originally posted by Dan Jones: The SCEA 5 assignment never specifically mentions authentication and authorization in the requirements for the application that needs to be designed.

What do you mean by "never"? There were some requirements about this in my assignment. I don't know how specific I can be to mention details of the assignment...

Dan Jones
Greenhorn

Joined: Apr 01, 2005
Posts: 5

posted Apr 18, 2008 11:31:00

0

By �never,� I mean that there is absolutely no mention of logging into the system, user profile management, or any authentication/authorization requirements.

My recollection is that this was not the case for the old SCEA exam, but in my SCEA 5 assignment, authentication/authorization is apparently ignored. Perhaps because SCEA 5 has new deliverables (deployment diagram, risks and mitigation, etc.), the use case load has been lightened.

I am quite positive that as long as we document our choices properly in the �Design Assumptions� section in our write-up, the decision to ignore a non-existent requirement cannot be held against us. However, a small part of me fears that the exam creators want us to believe that securing an application is a fundamental, implied enterprise architecture requirement, and that our design has to take this into account in order to receive full credit, despite the lack of explicit requirements.

For questions / discussions on the assignment, in general we will allow discussion where members are trying to understand the domain model and/or terms used in the assignment. We will also allow questions about which tools to use.

But we will not allow discussion on a solution to the assignment (or a part of the assignment) itself.